authorVadim Sukhomlinov <sukhomlinov@google.com>2021-08-30 18:13:38 -0700
committerCommit Bot <commit-bot@chromium.org>2021-08-31 18:37:18 +0000
commit50e3ce90b2f81075ed2e22a73ade0ed5cee35471 (patch)
tree60d5af298b0d00be3b41782075c6a51eba645435 /board/cr50/dcrypto/dcrypto.h
parent8ddc58e3ce801e2ce72e78fc28bf026436dc22b2 (diff)
cr50: add pair-wise consistency test for ECDSA key generation.
FIPS requires pair-wise consistency test for asymmetric key generation algorithms. For U2F we use only ECDSA P-256, so adding this step into key generation function. BUG=b:198219806 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py This test covers U2F and TPM2 uses of ECDSA keygen. Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: I520a233e700a68b19c863bad05271f97693b5ca9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3131949 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/dcrypto/dcrypto.h')
-rw-r--r--board/cr50/dcrypto/dcrypto.h10
1 files changed, 10 insertions, 0 deletions
diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h
index b94bbd7eb3..284aa5dd51 100644
--- a/board/cr50/dcrypto/dcrypto.h
+++ b/board/cr50/dcrypto/dcrypto.h
@@ -255,6 +255,16 @@ int DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, const p256_int *n,
int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d,
const uint8_t bytes[P256_NBYTES]);
+/**
+ * Pair-wise consistency test for private and public key.
+ *
+ * @param d - private key (scalar)
+ * @param x - public key part
+ * @param y - public key part
+ * @return !0 on success
+ */
+int DCRYPTO_p256_key_pwct(p256_int *d, p256_int *x, p256_int *y);
+
/* P256 based integration encryption (DH+AES128+SHA256).
* Not FIPS 140-2 compliant, not used other than for tests
* Authenticated data may be provided, where the first auth_data_len
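Review bot: The new prototype `DCRYPTO_p256_key_pwct` takes all three arguments as non-const `p256_int *`, although a consistency test would be expected only to read the key pair; the implementation is not part of this hunk, so that is inferred. If it does not write through them, declare it `int DCRYPTO_p256_key_pwct(const p256_int *d, const p256_int *x, const p256_int *y);`, in line with the `const p256_int *n` of `DCRYPTO_p256_point_mul` in the hunk header. The doc comment gives only `!0 on success`; it should also state the failure side, e.g. `@return !0 on success, 0 if the pair is inconsistent (caller must discard the key)`. Because an ignored return value would let a failed FIPS check pass unnoticed, consider marking the declaration `__attribute__((warn_unused_result))`.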